add port option

2020-12-20 11:52:34 +01:00 · 2020-12-20 11:52:34 +01:00 · 319c7a1be9
commit 319c7a1be9
parent 416b20cdf5
2 changed files with 30 additions and 12 deletions
--- a/fuzzers/libfuzzer/src/lib.rs
+++ b/fuzzers/libfuzzer/src/lib.rs
@ -49,6 +49,13 @@ const NAME_COV_MAP: &str = "cov_map";
 pub extern "C" fn afl_libfuzzer_main() {
    let matches = App::new("libAFLrs fuzzer harness")
        .about("libAFLrs fuzzer harness help options.")
+        .arg(
+            Arg::with_name("port")
+                .short("p")
+                .value_name("PORT")
+                .takes_value(true)
+                .help("Broker TCP port to use."),
+        )
        .arg(
            Arg::with_name("dictionary")
                .short("x")
@ -72,6 +79,7 @@ pub extern "C" fn afl_libfuzzer_main() {
        .get_matches();

    let statstime = value_t!(matches, "statstime", u32).unwrap_or(5);
+    let broker_port = value_t!(matches, "port", u16).unwrap_or(1337);

    let workdir = if matches.is_present("workdir") {
        matches.value_of("workdir").unwrap().to_string()
@ -90,6 +98,10 @@ pub extern "C" fn afl_libfuzzer_main() {
        input = Some(values_t!(matches, "workdir", String).unwrap_or_else(|e| e.exit()));
    }

+    if dictionary != None || input != None {
+        println!("Information: the first process started is the broker and only processes the \'-p PORT\' option if present.");
+    }
+
    // debug prints

    println!("workdir: {}", workdir);
@ -113,23 +125,13 @@ pub extern "C" fn afl_libfuzzer_main() {
    let mut generator = RandPrintablesGenerator::new(32);

    let stats = SimpleStats::new(|s| println!("{}", s));
-    let mut mgr = LlmpEventManager::new_on_port(1337, stats).unwrap();
+    let mut mgr = LlmpEventManager::new_on_port(broker_port, stats).unwrap();
    if mgr.is_broker() {
        println!("Doing broker things.");
        mgr.broker_loop().unwrap();
    }
    println!("We're a client, let's fuzz :)");

-    //    unsafe {
-
-    //        if afl_libfuzzer_init(...) == -1 {
-
-    //            println("Warning: LLVMFuzzerInitialize failed with -1")
-
-    //        }
-
-    //    }
-
    let edges_observer =
        StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe {
            __lafl_max_edges_size as usize
@ -141,6 +143,12 @@ pub extern "C" fn afl_libfuzzer_main() {

    let mut engine = Engine::new(executor);

+    //    unsafe {
+    //        if afl_libfuzzer_init(...) == -1 {
+    //            println("Warning: LLVMFuzzerInitialize failed with -1")
+    //        }
+    //    }
+
    if input != None {
        state
            .load_initial_inputs(
--- a/fuzzers/libfuzzer/test.sh
+++ b/fuzzers/libfuzzer/test.sh
@ -7,6 +7,16 @@ rm -f test_fuzz.elf test_fuzz.o
 ./compiler -flto=thin -c test/test.c -o test_fuzz.o || exit 1
 ./compiler -flto=thin test_fuzz.o -o test_fuzz.elf || exit 1

-RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b -T5 foo bar
+RUST_BACKTRACE=1 ./test_fuzz.elf &
+PID1=$!

+test "$PID1" -gt 0 && {

+  usleep 250
+  RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b -T5 in1 in2 &
+  sleep 10
+  kill $!
+
+}
+sleep 10
+kill $PID1